./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1404683827
<...>
Warning: Permanently added '10.128.1.112' (ECDSA) to the list of known hosts.
execve("./syz-executor1404683827", ["./syz-executor1404683827"], 0x7ffe9b2ab4f0 /* 10 vars */) = 0
brk(NULL) = 0x555555e21000
brk(0x555555e21c40) = 0x555555e21c40
arch_prctl(ARCH_SET_FS, 0x555555e21300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1404683827", 4096) = 28
brk(0x555555e42c40) = 0x555555e42c40
brk(0x555555e43000) = 0x555555e43000
mprotect(0x7f8f51409000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid() = 5067
mkdir("./syzkaller.JJET0k", 0700) = 0
chmod("./syzkaller.JJET0k", 0777) = 0
chdir("./syzkaller.JJET0k") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e215d0) = 5068
./strace-static-x86_64: Process 5068 attached
[pid 5068] chdir("./0") = 0
[pid 5068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5068] setpgid(0, 0) = 0
[pid 5068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5068] write(3, "1000", 4) = 4
[pid 5068] close(3) = 0
[pid 5068] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5068] memfd_create("syzkaller", 0) = 3
[pid 5068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f48f4b000
[pid 5068] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid 5068] munmap(0x7f8f48f4b000, 4194304) = 0
[pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5068] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5068] close(3) = 0
[pid 5068] mkdir("./file0", 0777) = 0
syzkaller login: [ 57.498501][ T5068] loop0: detected capacity change from 0 to 8192
[ 57.512200][ T5068] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 57.525622][ T5068] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 57.535221][ T5068] REISERFS (device loop0): using ordered data mode
[ 57.541734][ T5068] reiserfs: using flush barriers
[ 57.548475][ T5068] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 57.564990][ T5068] REISERFS (device loop0): checking transaction log (loop0)
[pid 5068] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid 5068] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5068] chdir("./file0") = 0
[pid 5068] ioctl(4, LOOP_CLR_FD) = 0
[pid 5068] close(4) = 0
[pid 5068] creat("./bus", 000) = 4
[pid 5068] writev(4, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3281}], 2) = 3409
[pid 5068] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5
[pid 5068] dup2(5, 4) = 4
[pid 5068] open(".", O_RDONLY) = 6
[pid 5068] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0
[pid 5068] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7
[pid 5068] write(7, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid 5068] exit_group(0) = ?
[pid 5068] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5068, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555e22620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
[ 57.633549][ T5068] REISERFS (device loop0): Using r5 hash to sort names
[ 57.641333][ T5068] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555e2a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555e2a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x555555e22620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e215d0) = 5071
./strace-static-x86_64: Process 5071 attached
[pid 5071] chdir("./1") = 0
[pid 5071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5071] setpgid(0, 0) = 0
[pid 5071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5071] write(3, "1000", 4) = 4
[pid 5071] close(3) = 0
[pid 5071] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5071] memfd_create("syzkaller", 0) = 3
[pid 5071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f48f4b000
[pid 5071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid 5071] munmap(0x7f8f48f4b000, 4194304) = 0
[pid 5071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5071] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5071] close(3) = 0
[pid 5071] mkdir("./file0", 0777) = 0
[ 57.802886][ T5071] loop0: detected capacity change from 0 to 8192
[ 57.813950][ T5071] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 57.828241][ T5071] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 57.838174][ T5071] REISERFS (device loop0): using ordered data mode
[ 57.844743][ T5071] reiserfs: using flush barriers
[ 57.850504][ T5071] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 57.867389][ T5071] REISERFS (device loop0): checking transaction log (loop0)
[pid 5071] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid 5071] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5071] chdir("./file0") = 0
[pid 5071] ioctl(4, LOOP_CLR_FD) = 0
[pid 5071] close(4) = 0
[pid 5071] creat("./bus", 000) = 4
[pid 5071] writev(4, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3281}], 2) = 3409
[pid 5071] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5
[pid 5071] dup2(5, 4) = 4
[pid 5071] open(".", O_RDONLY) = 6
[pid 5071] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0
[pid 5071] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7
[pid 5071] write(7, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid 5071] exit_group(0) = ?
[pid 5071] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5071, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555e22620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
[ 57.918989][ T5071] REISERFS (device loop0): Using r5 hash to sort names
[ 57.926361][ T5071] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555e2a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555e2a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x555555e22620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e215d0) = 5073
./strace-static-x86_64: Process 5073 attached
[pid 5073] chdir("./2") = 0
[pid 5073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5073] setpgid(0, 0) = 0
[pid 5073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5073] write(3, "1000", 4) = 4
[pid 5073] close(3) = 0
[pid 5073] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5073] memfd_create("syzkaller", 0) = 3
[pid 5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f48f4b000
[pid 5073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid 5073] munmap(0x7f8f48f4b000, 4194304) = 0
[pid 5073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5073] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5073] close(3) = 0
[pid 5073] mkdir("./file0", 0777) = 0
[ 58.082859][ T5073] loop0: detected capacity change from 0 to 8192
[ 58.093328][ T5073] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 58.106707][ T5073] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 58.116033][ T5073] REISERFS (device loop0): using ordered data mode
[ 58.122533][ T5073] reiserfs: using flush barriers
[ 58.128878][ T5073] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 58.145912][ T5073] REISERFS (device loop0): checking transaction log (loop0)
[pid 5073] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid 5073] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5073] chdir("./file0") = 0
[pid 5073] ioctl(4, LOOP_CLR_FD) = 0
[pid 5073] close(4) = 0
[pid 5073] creat("./bus", 000) = 4
[pid 5073] writev(4, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3281}], 2) = 3409
[pid 5073] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5
[pid 5073] dup2(5, 4) = 4
[pid 5073] open(".", O_RDONLY) = 6
[pid 5073] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0
[pid 5073] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7
[pid 5073] write(7, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid 5073] exit_group(0) = ?
[pid 5073] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5073, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555e22620 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs") = 0
[ 58.194309][ T5073] REISERFS (device loop0): Using r5 hash to sort names
[ 58.201562][ T5073] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555e2a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555e2a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x555555e22620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e215d0) = 5075
./strace-static-x86_64: Process 5075 attached
[pid 5075] chdir("./3") = 0
[pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5075] setpgid(0, 0) = 0
[pid 5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5075] write(3, "1000", 4) = 4
[pid 5075] close(3) = 0
[pid 5075] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5075] memfd_create("syzkaller", 0) = 3
[pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f48f4b000
[pid 5075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid 5075] munmap(0x7f8f48f4b000, 4194304) = 0
[pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5075] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5075] close(3) = 0
[pid 5075] mkdir("./file0", 0777) = 0
[ 58.364620][ T5075] loop0: detected capacity change from 0 to 8192
[ 58.375275][ T5075] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 58.388423][ T5075] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 58.397939][ T5075] REISERFS (device loop0): using ordered data mode
[ 58.404528][ T5075] reiserfs: using flush barriers
[ 58.410892][ T5075] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 58.427269][ T5075] REISERFS (device loop0): checking transaction log (loop0)
[pid 5075] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid 5075] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5075] chdir("./file0") = 0
[pid 5075] ioctl(4, LOOP_CLR_FD) = 0
[pid 5075] close(4) = 0
[pid 5075] creat("./bus", 000) = 4
[pid 5075] writev(4, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3281}], 2) = 3409
[pid 5075] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5
[pid 5075] dup2(5, 4) = 4
[pid 5075] open(".", O_RDONLY) = 6
[pid 5075] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0
[pid 5075] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7
[pid 5075] write(7, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid 5075] exit_group(0) = ?
[pid 5075] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5075, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555e22620 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./3/binderfs") = 0
[ 58.479001][ T5075] REISERFS (device loop0): Using r5 hash to sort names
[ 58.486575][ T5075] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555e2a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555e2a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/file0") = 0
getdents64(3, 0x555555e22620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e215d0) = 5077
./strace-static-x86_64: Process 5077 attached
[pid 5077] chdir("./4") = 0
[pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5077] setpgid(0, 0) = 0
[pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5077] write(3, "1000", 4) = 4
[pid 5077] close(3) = 0
[pid 5077] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5077] memfd_create("syzkaller", 0) = 3
[pid 5077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f48f4b000
[pid 5077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid 5077] munmap(0x7f8f48f4b000, 4194304) = 0
[pid 5077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5077] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5077] close(3) = 0
[pid 5077] mkdir("./file0", 0777) = 0
[ 58.650451][ T5077] loop0: detected capacity change from 0 to 8192
[ 58.671712][ T5077] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 58.685109][ T5077] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 58.694274][ T5077] REISERFS (device loop0): using ordered data mode
[ 58.700888][ T5077] reiserfs: using flush barriers
[ 58.707090][ T5077] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 58.723657][ T5077] REISERFS (device loop0): checking transaction log (loop0)
[pid 5077] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid 5077] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5077] chdir("./file0") = 0
[pid 5077] ioctl(4, LOOP_CLR_FD) = 0
[pid 5077] close(4) = 0
[pid 5077] creat("./bus", 000) = 4
[pid 5077] writev(4, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3281}], 2) = 3409
[pid 5077] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5
[pid 5077] dup2(5, 4) = 4
[pid 5077] open(".", O_RDONLY) = 6
[pid 5077] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0
[pid 5077] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7
[pid 5077] write(7, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid 5077] exit_group(0) = ?
[pid 5077] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555e22620 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./4/binderfs") = 0
[ 58.765868][ T5077] REISERFS (device loop0): Using r5 hash to sort names
[ 58.773060][ T5077] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555e2a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555e2a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/file0") = 0
getdents64(3, 0x555555e22620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e215d0) = 5079
./strace-static-x86_64: Process 5079 attached
[pid 5079] chdir("./5") = 0
[pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5079] setpgid(0, 0) = 0
[pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5079] write(3, "1000", 4) = 4
[pid 5079] close(3) = 0
[pid 5079] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5079] memfd_create("syzkaller", 0) = 3
[pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f48f4b000
[pid 5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid 5079] munmap(0x7f8f48f4b000, 4194304) = 0
[pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5079] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5079] close(3) = 0
[pid 5079] mkdir("./file0", 0777) = 0
[ 58.919526][ T5079] loop0: detected capacity change from 0 to 8192
[ 58.930824][ T5079] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 58.943887][ T5079] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 58.953196][ T5079] REISERFS (device loop0): using ordered data mode
[ 58.959776][ T5079] reiserfs: using flush barriers
[ 58.965796][ T5079] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 58.982181][ T5079] REISERFS (device loop0): checking transaction log (loop0)
[pid 5079] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid 5079] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5079] chdir("./file0") = 0
[pid 5079] ioctl(4, LOOP_CLR_FD) = 0
[pid 5079] close(4) = 0
[pid 5079] creat("./bus", 000) = 4
[pid 5079] writev(4, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3281}], 2) = 3409
[pid 5079] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5
[pid 5079] dup2(5, 4) = 4
[pid 5079] open(".", O_RDONLY) = 6
[pid 5079] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0
[pid 5079] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7
[pid 5079] write(7, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid 5079] exit_group(0) = ?
[pid 5079] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5079, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} ---
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555e22620 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./5/binderfs") = 0
[ 59.024279][ T5079] REISERFS (device loop0): Using r5 hash to sort names
[ 59.031544][ T5079] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555e2a660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555e2a660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/file0") = 0
getdents64(3, 0x555555e22620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e215d0) = 5081
./strace-static-x86_64: Process 5081 attached
[pid 5081] chdir("./6") = 0
[pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5081] setpgid(0, 0) = 0
[pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5081] write(3, "1000", 4) = 4
[pid 5081] close(3) = 0
[pid 5081] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5081] memfd_create("syzkaller", 0) = 3
[pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f48f4b000
[pid 5081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid 5081] munmap(0x7f8f48f4b000, 4194304) = 0
[pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5081] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5081] close(3) = 0
[pid 5081] mkdir("./file0", 0777) = 0
[ 59.179777][ T5081] loop0: detected capacity change from 0 to 8192
[ 59.190956][ T5081] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 59.204182][ T5081] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 59.214959][ T5081] REISERFS (device loop0): using ordered data mode
[ 59.223052][ T5081] reiserfs: using flush barriers
[ 59.230964][ T5081] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 59.249980][ T5081] REISERFS (device loop0): checking transaction log (loop0)
[pid 5081] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid 5081] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5081] chdir("./file0") = 0
[pid 5081] ioctl(4, LOOP_CLR_FD) = 0
[pid 5081] close(4) = 0
[pid 5081] creat("./bus", 000) = 4
[pid 5081] writev(4, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3281}], 2) = 3409
[pid 5081] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5
[pid 5081] dup2(5, 4) = 4
[pid 5081] open(".", O_RDONLY) = 6
[pid 5081] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0
[pid 5081] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7
[ 59.298633][ T5081] REISERFS (device loop0): Using r5 hash to sort names
[ 59.306100][ T5081] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 59.342357][ T5081] ==================================================================
[ 59.350464][ T5081] BUG: KASAN: use-after-free in leaf_paste_in_buffer+0x739/0xca0
[ 59.358208][ T5081] Read of size 176 at addr ffff88807263ff90 by task syz-executor140/5081
[ 59.366606][ T5081]
[ 59.368917][ T5081] CPU: 0 PID: 5081 Comm: syz-executor140 Not tainted 6.2.0-rc1-syzkaller #0
[ 59.377597][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 59.387642][ T5081] Call Trace:
[ 59.390942][ T5081]
[ 59.393870][ T5081] dump_stack_lvl+0x1b1/0x290
[ 59.398579][ T5081] ? nf_tcp_handle_invalid+0x630/0x630
[ 59.404044][ T5081] ? __wake_up_klogd+0xcd/0x100
[ 59.408902][ T5081] ? panic+0x710/0x710
[ 59.412962][ T5081] ? _printk+0xc0/0x100
[ 59.417114][ T5081] print_address_description+0x74/0x340
[ 59.422665][ T5081] print_report+0x107/0x1f0
[ 59.427162][ T5081] ? _raw_spin_lock+0x40/0x40
[ 59.431926][ T5081] ? __virt_addr_valid+0x21b/0x2d0
[ 59.437138][ T5081] ? __phys_addr+0xb5/0x160
[ 59.441642][ T5081] ? leaf_paste_in_buffer+0x739/0xca0
[ 59.447024][ T5081] kasan_report+0xcd/0x100
[ 59.451440][ T5081] ? reacquire_held_locks+0x650/0x650
[ 59.456955][ T5081] ? leaf_paste_in_buffer+0x739/0xca0
[ 59.462327][ T5081] kasan_check_range+0x2a7/0x2e0
[ 59.467359][ T5081] ? leaf_paste_in_buffer+0x739/0xca0
[ 59.472771][ T5081] memcpy+0x25/0x60
[ 59.476762][ T5081] leaf_paste_in_buffer+0x739/0xca0
[ 59.482851][ T5081] leaf_copy_dir_entries+0x6e2/0xbf0
[ 59.488172][ T5081] ? leaf_item_bottle+0x19a0/0x19a0
[ 59.493371][ T5081] ? bad_range+0x88/0x2e0
[ 59.498053][ T5081] ? deref_stack_reg+0x17a/0x210
[ 59.502989][ T5081] leaf_copy_boundary_item+0xb7c/0x20f0
[ 59.508738][ T5081] leaf_move_items+0xc74/0x1330
[ 59.513622][ T5081] ? reiserfs_convert_objectid_map_v1+0x6d0/0x6d0
[ 59.520049][ T5081] ? read_lock_is_recursive+0x10/0x10
[ 59.525430][ T5081] leaf_shift_left+0xb7/0x420
[ 59.530148][ T5081] balance_leaf+0x1579/0x123a0
[ 59.534944][ T5081] ? __lock_acquire+0x1292/0x1f60
[ 59.539972][ T5081] ? do_balance+0x8d0/0x8d0
[ 59.544485][ T5081] ? rcu_read_lock_sched_held+0x87/0x110
[ 59.550116][ T5081] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 59.556089][ T5081] ? trace_raw_output_contention_end+0xd0/0xd0
[ 59.562246][ T5081] ? trace_contention_end+0x72/0x1d0
[ 59.567637][ T5081] ? __mutex_lock_common+0x45f/0x26e0
[ 59.573114][ T5081] ? write_boundary_block+0xb0/0xb0
[ 59.578325][ T5081] ? __mutex_unlock_slowpath+0x222/0x770
[ 59.583953][ T5081] ? __might_sleep+0xc0/0xc0
[ 59.588632][ T5081] ? reiserfs_write_lock_nested+0x5b/0xd0
[ 59.594371][ T5081] ? mutex_lock_io_nested+0x60/0x60
[ 59.599581][ T5081] ? get_empty_nodes+0x5a3/0xd00
[ 59.604519][ T5081] ? indirect_part_size+0x8/0x10
[ 59.609456][ T5081] ? __wake_up+0x1f0/0x1f0
[ 59.613888][ T5081] ? get_neighbors+0x1020/0x1020
[ 59.618846][ T5081] ? mutex_lock_nested+0x17/0x20
[ 59.623775][ T5081] ? reiserfs_write_lock_nested+0x5b/0xd0
[ 59.629490][ T5081] ? reiserfs_prepare_for_journal+0x239/0x250
[ 59.635555][ T5081] ? fix_nodes+0x73e4/0x8560
[ 59.640159][ T5081] do_balance+0x2d6/0x8d0
[ 59.644506][ T5081] ? get_right_neighbor_position+0x200/0x200
[ 59.650530][ T5081] ? reiserfs_insert_item+0x67b/0xcb0
[ 59.655919][ T5081] reiserfs_insert_item+0xb54/0xcb0
[ 59.661128][ T5081] ? reiserfs_paste_into_item+0x880/0x880
[ 59.666887][ T5081] ? show_alloc_options+0xbd0/0xbd0
[ 59.672073][ T5081] ? journal_begin+0x1f1/0x350
[ 59.676837][ T5081] ? copy_item_head+0x1e/0x30
[ 59.681538][ T5081] ? reiserfs_get_block+0x1fda/0x5180
[ 59.686906][ T5081] reiserfs_get_block+0x20a2/0x5180
[ 59.692803][ T5081] ? make_le_item_head+0x5b0/0x5b0
[ 59.697914][ T5081] ? register_lock_class+0xc2/0x930
[ 59.703118][ T5081] ? create_page_buffers+0x1c8/0x4b0
[ 59.708489][ T5081] ? __block_write_begin_int+0x1e0/0x1a80
[ 59.714209][ T5081] ? reiserfs_write_begin+0x247/0x510
[ 59.719570][ T5081] ? generic_perform_write+0x2e4/0x5e0
[ 59.725019][ T5081] ? __generic_file_write_iter+0x176/0x400
[ 59.730906][ T5081] ? vfs_write+0x7dc/0xc50
[ 59.735329][ T5081] ? ksys_write+0x177/0x2a0
[ 59.739839][ T5081] ? is_dynamic_key+0x1f0/0x1f0
[ 59.744684][ T5081] ? mark_lock+0x9a/0x350
[ 59.749006][ T5081] ? __lock_acquire+0x1292/0x1f60
[ 59.754023][ T5081] ? rcu_read_lock_sched_held+0x22/0x110
[ 59.759655][ T5081] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 59.765658][ T5081] ? __lock_acquire+0x1f60/0x1f60
[ 59.770670][ T5081] ? alloc_page_buffers+0x326/0x460
[ 59.775873][ T5081] ? do_raw_spin_unlock+0x134/0x8a0
[ 59.781098][ T5081] ? create_page_buffers+0x244/0x4b0
[ 59.786478][ T5081] __block_write_begin_int+0x54c/0x1a80
[ 59.792021][ T5081] ? xas_load+0x127/0x150
[ 59.796346][ T5081] ? make_le_item_head+0x5b0/0x5b0
[ 59.801458][ T5081] ? page_zero_new_buffers+0x940/0x940
[ 59.807341][ T5081] ? fault_in_readable+0x219/0x310
[ 59.812460][ T5081] ? __block_write_begin+0x51/0x150
[ 59.818021][ T5081] ? reiserfs_write_begin+0x180/0x510
[ 59.823425][ T5081] reiserfs_write_begin+0x247/0x510
[ 59.828639][ T5081] generic_perform_write+0x2e4/0x5e0
[ 59.833926][ T5081] ? generic_file_direct_write+0x610/0x610
[ 59.839726][ T5081] ? __file_remove_privs+0x610/0x610
[ 59.845001][ T5081] ? generic_write_checks+0x15c/0x1c0
[ 59.850364][ T5081] __generic_file_write_iter+0x176/0x400
[ 59.855998][ T5081] generic_file_write_iter+0xab/0x310
[ 59.861362][ T5081] vfs_write+0x7dc/0xc50
[ 59.865599][ T5081] ? file_end_write+0x230/0x230
[ 59.870497][ T5081] ? ptrace_stop+0x74d/0x970
[ 59.875193][ T5081] ? _raw_spin_unlock_irq+0x2a/0x40
[ 59.880416][ T5081] ? __fdget_pos+0x252/0x2e0
[ 59.885015][ T5081] ksys_write+0x177/0x2a0
[ 59.889353][ T5081] ? __ia32_sys_read+0x80/0x80
[ 59.894125][ T5081] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 59.900105][ T5081] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 59.906097][ T5081] do_syscall_64+0x3d/0xb0
[ 59.910520][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.916422][ T5081] RIP: 0033:0x7f8f51398ac9
[ 59.920904][ T5081] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 59.940537][ T5081] RSP: 002b:00007ffffac9ddc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 59.949223][ T5081] RAX: ffffffffffffffda RBX: 000000000000e5cd RCX: 00007f8f51398ac9
[ 59.957198][ T5081] RDX: 000000000000fea7 RSI: 0000000020000280 RDI: 0000000000000007
[ 59.965350][ T5081] RBP: 0000000000000000 R08: 0000000000000014 R09: 00007ffffac9ddf0
[ 59.973314][ T5081] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffffac9ddec
[ 59.981297][ T5081] R13: 00007ffffac9de20 R14: 00007ffffac9de00 R15: 0000000000000006
[ 59.989377][ T5081]
[ 59.992394][ T5081]
[ 59.994703][ T5081] The buggy address belongs to the physical page:
[ 60.001097][ T5081] page:ffffea0001c98fc0 refcount:3 mapcount:0 mapping:ffff888140cfc9f8 index:0x214 pfn:0x7263f
[ 60.011501][ T5081] memcg:ffff888140148000
[ 60.015733][ T5081] aops:def_blk_aops ino:700000
[ 60.020562][ T5081] flags: 0xfff00000002022(referenced|active|private|node=0|zone=1|lastcpupid=0x7ff)
[ 60.029948][ T5081] raw: 00fff00000002022 0000000000000000 dead000000000122 ffff888140cfc9f8
[ 60.038526][ T5081] raw: 0000000000000214 ffff888072e65910 00000003ffffffff ffff888140148000
[ 60.047096][ T5081] page dumped because: kasan: bad access detected
[ 60.053495][ T5081] page_owner tracks the page as allocated
[ 60.059198][ T5081] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 5081, tgid 5081 (syz-executor140), ts 59340903960, free_ts 58833690080
[ 60.079892][ T5081] get_page_from_freelist+0x742/0x7c0
[ 60.085300][ T5081] __alloc_pages+0x259/0x560
[ 60.089888][ T5081] folio_alloc+0x1a/0x50
[ 60.094129][ T5081] filemap_alloc_folio+0xca/0x2c0
[ 60.099155][ T5081] __filemap_get_folio+0x892/0x1250
[ 60.104351][ T5081] pagecache_get_page+0x28/0x250
[ 60.109294][ T5081] grow_dev_page+0xba/0x920
[ 60.113808][ T5081] __getblk_gfp+0x16c/0x290
[ 60.118322][ T5081] get_empty_nodes+0x68a/0xd00
[ 60.123081][ T5081] fix_nodes+0x2480/0x8560
[ 60.127490][ T5081] reiserfs_insert_item+0xa78/0xcb0
[ 60.132672][ T5081] reiserfs_new_inode+0x11c7/0x1cd0
[ 60.137858][ T5081] reiserfs_create+0x3a6/0x660
[ 60.142605][ T5081] path_openat+0x12ac/0x2dd0
[ 60.147194][ T5081] do_filp_open+0x264/0x4f0
[ 60.151699][ T5081] do_sys_openat2+0x124/0x4e0
[ 60.156361][ T5081] page last free stack trace:
[ 60.161016][ T5081] free_pcp_prepare+0x751/0x780
[ 60.165864][ T5081] free_unref_page_list+0xb2/0x830
[ 60.170973][ T5081] release_pages+0x233e/0x25e0
[ 60.175745][ T5081] __pagevec_release+0x7d/0xf0
[ 60.180506][ T5081] shmem_undo_range+0x6d0/0x1fe0
[ 60.185436][ T5081] shmem_evict_inode+0x276/0xa10
[ 60.190364][ T5081] evict+0x2a4/0x620
[ 60.194265][ T5081] __dentry_kill+0x3b1/0x5b0
[ 60.198862][ T5081] dentry_kill+0xbb/0x290
[ 60.203194][ T5081] dput+0x1f3/0x410
[ 60.206989][ T5081] __fput+0x5e4/0x880
[ 60.210974][ T5081] task_work_run+0x243/0x300
[ 60.215561][ T5081] ptrace_notify+0x29a/0x340
[ 60.220148][ T5081] syscall_exit_work+0x8c/0xe0
[ 60.224987][ T5081] syscall_exit_to_user_mode_prepare+0x63/0xc0
[ 60.231129][ T5081] syscall_exit_to_user_mode+0xa/0x60
[ 60.236503][ T5081]
[ 60.238813][ T5081] Memory state around the buggy address:
[ 60.244442][ T5081] ffff88807263ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 60.252595][ T5081] ffff88807263ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 60.260645][ T5081] >ffff888072640000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 60.268693][ T5081] ^
[ 60.272749][ T5081] ffff888072640080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 60.280811][ T5081] ffff888072640100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 60.288866][ T5081] ==================================================================
[ 60.297898][ T5081] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 60.305132][ T5081] CPU: 0 PID: 5081 Comm: syz-executor140 Not tainted 6.2.0-rc1-syzkaller #0
[ 60.313925][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 60.323970][ T5081] Call Trace:
[ 60.327268][ T5081]
[ 60.330201][ T5081] dump_stack_lvl+0x1b1/0x290
[ 60.334874][ T5081] ? nf_tcp_handle_invalid+0x630/0x630
[ 60.340339][ T5081] ? panic+0x710/0x710
[ 60.344399][ T5081] ? lock_release+0x81/0x820
[ 60.349012][ T5081] ? vscnprintf+0x59/0x80
[ 60.353340][ T5081] panic+0x2d6/0x710
[ 60.357239][ T5081] ? check_panic_on_warn+0x1d/0xa0
[ 60.362352][ T5081] ? memcpy_page_flushcache+0x100/0x100
[ 60.367885][ T5081] ? _raw_spin_unlock_irqrestore+0x110/0x120
[ 60.373864][ T5081] ? _raw_spin_unlock+0x40/0x40
[ 60.378703][ T5081] ? print_report+0x1b4/0x1f0
[ 60.383373][ T5081] check_panic_on_warn+0x80/0xa0
[ 60.388303][ T5081] ? leaf_paste_in_buffer+0x739/0xca0
[ 60.393672][ T5081] end_report+0x47/0x90
[ 60.397850][ T5081] kasan_report+0xda/0x100
[ 60.402263][ T5081] ? reacquire_held_locks+0x650/0x650
[ 60.407639][ T5081] ? leaf_paste_in_buffer+0x739/0xca0
[ 60.413029][ T5081] kasan_check_range+0x2a7/0x2e0
[ 60.417984][ T5081] ? leaf_paste_in_buffer+0x739/0xca0
[ 60.423355][ T5081] memcpy+0x25/0x60
[ 60.427152][ T5081] leaf_paste_in_buffer+0x739/0xca0
[ 60.432356][ T5081] leaf_copy_dir_entries+0x6e2/0xbf0
[ 60.437838][ T5081] ? leaf_item_bottle+0x19a0/0x19a0
[ 60.443048][ T5081] ? bad_range+0x88/0x2e0
[ 60.447407][ T5081] ? deref_stack_reg+0x17a/0x210
[ 60.452348][ T5081] leaf_copy_boundary_item+0xb7c/0x20f0
[ 60.457894][ T5081] leaf_move_items+0xc74/0x1330
[ 60.462751][ T5081] ? reiserfs_convert_objectid_map_v1+0x6d0/0x6d0
[ 60.469183][ T5081] ? read_lock_is_recursive+0x10/0x10
[ 60.474543][ T5081] leaf_shift_left+0xb7/0x420
[ 60.479214][ T5081] balance_leaf+0x1579/0x123a0
[ 60.483994][ T5081] ? __lock_acquire+0x1292/0x1f60
[ 60.489028][ T5081] ? do_balance+0x8d0/0x8d0
[ 60.493544][ T5081] ? rcu_read_lock_sched_held+0x87/0x110
[ 60.499162][ T5081] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 60.505137][ T5081] ? trace_raw_output_contention_end+0xd0/0xd0
[ 60.511290][ T5081] ? trace_contention_end+0x72/0x1d0
[ 60.516569][ T5081] ? __mutex_lock_common+0x45f/0x26e0
[ 60.521954][ T5081] ? write_boundary_block+0xb0/0xb0
[ 60.527146][ T5081] ? __mutex_unlock_slowpath+0x222/0x770
[ 60.532768][ T5081] ? __might_sleep+0xc0/0xc0
[ 60.537347][ T5081] ? reiserfs_write_lock_nested+0x5b/0xd0
[ 60.543058][ T5081] ? mutex_lock_io_nested+0x60/0x60
[ 60.548259][ T5081] ? get_empty_nodes+0x5a3/0xd00
[ 60.553212][ T5081] ? indirect_part_size+0x8/0x10
[ 60.558175][ T5081] ? __wake_up+0x1f0/0x1f0
[ 60.562602][ T5081] ? get_neighbors+0x1020/0x1020
[ 60.567548][ T5081] ? mutex_lock_nested+0x17/0x20
[ 60.572497][ T5081] ? reiserfs_write_lock_nested+0x5b/0xd0
[ 60.578214][ T5081] ? reiserfs_prepare_for_journal+0x239/0x250
[ 60.584271][ T5081] ? fix_nodes+0x73e4/0x8560
[ 60.588890][ T5081] do_balance+0x2d6/0x8d0
[ 60.593257][ T5081] ? get_right_neighbor_position+0x200/0x200
[ 60.599231][ T5081] ? reiserfs_insert_item+0x67b/0xcb0
[ 60.604597][ T5081] reiserfs_insert_item+0xb54/0xcb0
[ 60.609798][ T5081] ? reiserfs_paste_into_item+0x880/0x880
[ 60.615568][ T5081] ? show_alloc_options+0xbd0/0xbd0
[ 60.620770][ T5081] ? journal_begin+0x1f1/0x350
[ 60.625522][ T5081] ? copy_item_head+0x1e/0x30
[ 60.630191][ T5081] ? reiserfs_get_block+0x1fda/0x5180
[ 60.635552][ T5081] reiserfs_get_block+0x20a2/0x5180
[ 60.640773][ T5081] ? make_le_item_head+0x5b0/0x5b0
[ 60.645918][ T5081] ? register_lock_class+0xc2/0x930
[ 60.651108][ T5081] ? create_page_buffers+0x1c8/0x4b0
[ 60.656397][ T5081] ? __block_write_begin_int+0x1e0/0x1a80
[ 60.662125][ T5081] ? reiserfs_write_begin+0x247/0x510
[ 60.667515][ T5081] ? generic_perform_write+0x2e4/0x5e0
[ 60.673004][ T5081] ? __generic_file_write_iter+0x176/0x400
[ 60.678821][ T5081] ? vfs_write+0x7dc/0xc50
[ 60.683222][ T5081] ? ksys_write+0x177/0x2a0
[ 60.687718][ T5081] ? is_dynamic_key+0x1f0/0x1f0
[ 60.692561][ T5081] ? mark_lock+0x9a/0x350
[ 60.696877][ T5081] ? __lock_acquire+0x1292/0x1f60
[ 60.701904][ T5081] ? rcu_read_lock_sched_held+0x22/0x110
[ 60.707554][ T5081] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 60.713551][ T5081] ? __lock_acquire+0x1f60/0x1f60
[ 60.718568][ T5081] ? alloc_page_buffers+0x326/0x460
[ 60.723757][ T5081] ? do_raw_spin_unlock+0x134/0x8a0
[ 60.728989][ T5081] ? create_page_buffers+0x244/0x4b0
[ 60.734284][ T5081] __block_write_begin_int+0x54c/0x1a80
[ 60.739861][ T5081] ? xas_load+0x127/0x150
[ 60.744217][ T5081] ? make_le_item_head+0x5b0/0x5b0
[ 60.749327][ T5081] ? page_zero_new_buffers+0x940/0x940
[ 60.754778][ T5081] ? fault_in_readable+0x219/0x310
[ 60.759887][ T5081] ? __block_write_begin+0x51/0x150
[ 60.765073][ T5081] ? reiserfs_write_begin+0x180/0x510
[ 60.770447][ T5081] reiserfs_write_begin+0x247/0x510
[ 60.775650][ T5081] generic_perform_write+0x2e4/0x5e0
[ 60.780932][ T5081] ? generic_file_direct_write+0x610/0x610
[ 60.786805][ T5081] ? __file_remove_privs+0x610/0x610
[ 60.792094][ T5081] ? generic_write_checks+0x15c/0x1c0
[ 60.797466][ T5081] __generic_file_write_iter+0x176/0x400
[ 60.803105][ T5081] generic_file_write_iter+0xab/0x310
[ 60.808498][ T5081] vfs_write+0x7dc/0xc50
[ 60.812766][ T5081] ? file_end_write+0x230/0x230
[ 60.817622][ T5081] ? ptrace_stop+0x74d/0x970
[ 60.822224][ T5081] ? _raw_spin_unlock_irq+0x2a/0x40
[ 60.827523][ T5081] ? __fdget_pos+0x252/0x2e0
[ 60.832112][ T5081] ksys_write+0x177/0x2a0
[ 60.836452][ T5081] ? __ia32_sys_read+0x80/0x80
[ 60.841293][ T5081] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 60.847271][ T5081] ? syscall_enter_from_user_mode+0x86/0x1d0
[ 60.853254][ T5081] do_syscall_64+0x3d/0xb0
[ 60.857699][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 60.863602][ T5081] RIP: 0033:0x7f8f51398ac9
[ 60.868018][ T5081] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 60.887640][ T5081] RSP: 002b:00007ffffac9ddc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 60.896073][ T5081] RAX: ffffffffffffffda RBX: 000000000000e5cd RCX: 00007f8f51398ac9
[ 60.904058][ T5081] RDX: 000000000000fea7 RSI: 0000000020000280 RDI: 0000000000000007
[ 60.912028][ T5081] RBP: 0000000000000000 R08: 0000000000000014 R09: 00007ffffac9ddf0
[ 60.920002][ T5081] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffffac9ddec
[ 60.927978][ T5081] R13: 00007ffffac9de20 R14: 00007ffffac9de00 R15: 0000000000000006
[ 60.935963][ T5081]
[ 60.939152][ T5081] Kernel Offset: disabled
[ 60.943516][ T5081] Rebooting in 86400 seconds..